projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 46bad91) | patch
Fix DSA, preserve BN_FLG_CONSTTIME
authorCesar Pereida <cesar.pereida@aalto.fi>
Mon, 23 May 2016 09:45:25 +0000 (12:45 +0300)
committerMatt Caswell <matt@openssl.org>
Mon, 6 Jun 2016 10:27:55 +0000 (11:27 +0100)
commit621eaf49a289bfac26d4cbcdb7396e796784c534
treed909d0808687d7b6d711acce768272529ad8233ftree | snapshot
parent46bad91986eb56f2beb9059e14fb4ee94c3f952acommit | diff
Fix DSA, preserve BN_FLG_CONSTTIME

Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.

CVE-2016-2178

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
crypto/dsa/dsa_ossl.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.